LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-17-2009, 11:14 AM   #1
Ricky00
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Rep: Reputation: 0
Stunnel4 as server


Hi.

I tried many ways to configure this program (Stunnel4) but cannot install it correctly.

Right now, I got Ubuntu 9.04 normal edition installed. I got aMule and Deluge (2 P2P programs). I was able to install them, to make them run as deamons and run them on startup. In fact, thoses programs can be acess thru http request. I want then to be ussed HTTPS request instead (I know that deluge can do that by internal options but prefer to configure only 1 SSL program for thoses 2 applications, plus another that will control a PHP script.

So I installed by Synaptic the only package Stunnel4.
I created 2 self-certificate (a .KEY and a .CRT files that I renamed for Stunnel).

This is that I got for Stunnel.conf (located at /usr/stunnel):
Quote:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/server.crt.pem
key = /etc/stunnel/server.key.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[aMule]
accept = 40009
connect = 40010
TIMEOUTclose = 0

[deluge]
accept = 50009
connect = 50010
TIMEOUTclose = 0

; vim:ft=dosini
As you can see, I added at the end options for aMule and deluge.
Now, when I type:

http:\\192.168.1.7:40010 I enter Amule Web page
https:\\192.168.1.40009 DOES NOT WORK

http:\\192.168.1.7:50010 I enter deluge web page
https:\\192.168.1.7:50009 DOES NOT WORK

Others informations:
1) When I type stunnel4 in TERMINAL, promp return without error, but still does not work
2) When I type sudo stunnel4 and enter my password, it's the same thing as enter stunnel4, sill does not work.
3)Whnn I type /usr/bin/stunnel4, it's the same thing
4) files /etc/stunnel/server.crt.pem and etc/stunnel/server.key.pem does exist.

I need advice:
1) how to run it properly
2) how to put it on startup
3) where to look for more infos (log)

Thanks

Ricky00
 
Old 05-23-2009, 08:27 PM   #2
Ricky00
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Goss evening.

Finally, I was able to make my program work partially but I still have to fix somes small issues.

Without knowing where was the program, I went to the stunnel website downloading the latest version of Stunnel (more recent than the one distributed with Ubuntu 9.04)

I compile it and installed on the same directory than the old one, but stil I got the same problem. I read on the website how to edit the file stunnel4 in /etc/init.d. So, i tried to match the path if files and able to run it. However, I still not able to run it on startup of my PC

This is the file stunnel4 I was talking about:
Quote:
# Provides: stunnel4
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
### END INIT INFO

DEFAULTPIDFILE="/var/run/stunnel4.pid"
DAEMON=/usr/bin/stunnel4
NAME=stunnel
DESC="SSL tunnels"
FILES="/etc/stunnel/*.conf"
OPTIONS=""
ENABLED=1

get_pids() {
local file=$1
if test -f $file; then
CHROOT=`grep "^chroot" $file|sed "s;.*= *;;"`
PIDFILE=`grep "^pid" $file|sed "s;.*= *;;"`
if [ "$PIDFILE" = "" ]; then
PIDFILE=$DEFAULTPIDFILE
fi
if test -f $CHROOT/$PIDFILE; then
cat $CHROOT/$PIDFILE
fi
fi
}

startdaemons() {
if ! [ -d /var/run/stunnel4 ]; then
rm -rf /var/run/stunnel4
install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
fi
for file in $FILES; do
if test -f $file; then
ARGS="$file $OPTIONS"
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
echo -n "[Already running: $file] "
elif $DAEMON $ARGS; then
echo -n "[Started: $file] "
else
echo "[Failed: $file]"
echo "You should check that you have specified the pid= in you configuration file"
exit 1
fi
fi
done;
}

killdaemons()
{
for file in $FILES; do
PROCLIST=`get_pids $file`
if [ "$PROCLIST" ] && kill -0 $PROCLIST 2>/dev/null; then
kill $PROCLIST
echo -n "[stopped: $file] "
fi
done
}

if [ "x$OPTIONS" != "x" ]; then
OPTIONS="-- $OPTIONS"
fi

test -f /etc/default/stunnel4 && . /etc/default/stunnel4
test "$ENABLED" != "0" || exit 0

test -x $DAEMON || exit 0

set -e

case "$1" in
start)
echo -n "Starting $DESC: "
startdaemons
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
killdaemons
echo "$NAME."
;;
#force-reload does not send a SIGHUP, since SIGHUP is interpreted as a
#quit signal by stunnel. I reported this problem to upstream authors.
force-reload|restart)
echo -n "Restarting $DESC: "
killdaemons
sleep 5
startdaemons
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|force-reload|restart}" >&2
exit 1
;;
esac

exit 0
I called the files Stunnnel4 in /etc/init.d on startup with the command start but it does not work (in System -> Preferences -> Startup Applications)

If I type this command on console I got this error:
Quote:
printmanager@S2:~$ /etc/init.d/stunnel4 start
Starting SSL tunnels: [Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file
The SSL at this point is NOT working
So, I tried this command instead:
Quote:
printmanager@S2:~$ sudo /etc/init.d/stunnel4 start
[sudo] password for printmanager:
Starting SSL tunnels: [Already running: /etc/stunnel/stunnel.conf] stunnel.
The error show is quite different. The process suppose to run but still not working.

So I did this:
Quote:
printmanager@S2:~$ sudo /etc/init.d/stunnel4 restart
Restarting SSL tunnels: [stopped: /etc/stunnel/stunnel.conf] [Started: /etc/stunnel/stunnel.conf] stunnel.
Then it works now !! ut I still not able to put it correctly on startup. I though that a permission for my user (not ROOT) was missing somewhere.

This is the permission I got from various files:
Quote:
printmanager@S2:~$ ls -als /etc/init.d/stunnel4
4 -rwxrwxrwx 1 root root 2429 2009-05-14 21:25 /etc/init.d/stunnel4

printmanager@S2:~$ ls -als /etc/stunnel/
total 36
4 drwxrwxrwx 2 root root 4096 2009-05-15 20:37 .
12 drwxr-xr-x 130 root root 12288 2009-05-23 20:55 ..
4 -rw-r--r-- 1 printmanager printmanager 1456 2009-05-05 21:06 server.crt.pem
4 -r-------- 1 printmanager printmanager 887 2009-05-06 21:18 server.key.pem
4 -rw-r--r-- 1 printmanager printmanager 963 2009-05-06 21:18 server.key.pem.org
4 -rwxrwxrwx 1 root root 1617 2009-05-13 21:57 stunnel.conf
4 -rw-r--r-- 1 printmanager printmanager 1615 2009-05-13 21:57 stunnel.conf~
I want to where to look now...

Thanks

Ricky00
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to monitor web server, FTP server, Mail server and database server vodka33us Programming 1 06-16-2008 04:20 AM
best distrubition for nas server and p2p download server and web server geosko Linux - Distributions 8 10-13-2006 09:20 AM
How the DNS-server is connected to work of a web-server and a mail-server? ukrainet Linux - Newbie 2 01-10-2005 09:18 PM
can we configure a Linux server with mail server,file server and web server kumarx Linux - Newbie 5 09-09-2004 06:21 AM


All times are GMT -5. The time now is 03:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration